PHP | Searching for the user and vulnerability for attacks

Introduction:

I am using MySQLi to prevent any further attacks on my website. I'm just a 13 y/o and a Grade 8 (2nd Year High School) student starting out here with PHP and MySQL "functions". I am using PHP 5.6.16, MySQL version 5.7.9, and WAMP.

Problem:

MySQL error # 1064 and SQLi vulnerability

How to "reproduce" the problem?

To "reproduce" the problem, search for a user and add some weird characters, like adding a " ') " character in the search box.

Suggestion on fixing this problem:

Sanitizing the text box input and preventing any weird or unrecognized characters from being "searched".

You are sending the values directly into the database query before validating them, which may cause dangers. To prevent SQL injections there are inbuilt PHP functions like mysqli_real_escape_string(). That being said, a complete, better solution is using PHP prepared statements with PDO.

In your code: when you are taking some data from the user, either from GET or POST variables, do this
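
As an added example (not the answerer's code and not the asker's code): the same user search written once with string concatenation and once with a PDO prepared statement, run against the `')` input from the question. The in-memory SQLite database stands in for MySQL so the script runs stand-alone, and the `users` table, the `username` column, the function names and the `!` escape character are assumptions.

```php
<?php
// Added example. In-memory SQLite stands in for the page's MySQL database;
// table, column and function names are assumptions, and the rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)");
$pdo->exec("INSERT INTO users (username) VALUES ('alice'), ('bob'), ('100%_real')");

// BEFORE: the search term is pasted into the SQL text, so a quote or
// parenthesis in the input becomes part of the statement itself.
function searchUnsafe(PDO $pdo, $term) {
    $sql = "SELECT username FROM users WHERE (username LIKE '%" . $term . "%')";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// AFTER: the SQL text is fixed and the term is sent separately as a bound
// value, so it can only ever be compared against, never parsed as SQL.
function searchSafe(PDO $pdo, $term) {
    // LIKE wildcards are not an injection issue, but escape them so that
    // % and _ typed by the user match literally instead of matching everything.
    $escaped = strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']);
    $stmt = $pdo->prepare(
        "SELECT username FROM users WHERE (username LIKE :pattern ESCAPE '!')"
    );
    $stmt->execute([':pattern' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$input = "')";   // the input described in the question

try {
    searchUnsafe($pdo, $input);
    echo "unsafe: query ran\n";
} catch (PDOException $e) {
    // The database rejects the broken statement (MySQL reports this as error 1064).
    echo "unsafe: database error: " . $e->getMessage() . "\n";
}

echo "safe, question's input: " . json_encode(searchSafe($pdo, $input)) . "\n";
echo "safe, normal search:    " . json_encode(searchSafe($pdo, 'ali')) . "\n";
echo "safe, literal percent:  " . json_encode(searchSafe($pdo, '%')) . "\n";
```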